MWR InfoSecurity identified a vulnerability in OpenSC. The vulnerability can be triggered using a malicious smart card.
A buffer overflow vulnerability was identified in the code handling the smart card’s serial number in the following drivers:

card-atrust-acos.c

card-acos5.c

card-starcos.c

An attacker could use this vulnerability to execute arbitrary code in the target system. To successfully exploit this vulnerability the attacker will be required to insert a specially crafted smart card in the target system.
The vendor has implemented a fix. Users should upgrade to the latest version of OpenSC.